{"id":1050,"date":"2016-10-11T03:01:56","date_gmt":"2016-10-11T03:01:56","guid":{"rendered":"http:\/\/54.201.249.27\/?p=1050"},"modified":"2016-10-11T03:01:56","modified_gmt":"2016-10-11T03:01:56","slug":"security-fatigue-may-cause-computer-users-feel-hopeless-act-recklessly","status":"publish","type":"post","link":"https:\/\/blackopspartners.com\/security-fatigue-may-cause-computer-users-feel-hopeless-act-recklessly\/","title":{"rendered":"\u201cSecurity fatigue\u201d may cause computer users to feel hopeless and act recklessly"},"content":{"rendered":"<h1>\u201cSecurity fatigue\u201d may cause computer users to feel hopeless and act recklessly.<\/h1>\n<p>After updating your password for the umpteenth time, have you resorted to using one you know you\u2019ll remember because you\u2019ve used it before? Have you ever given up on an online purchase because you just didn\u2019t feel like creating a new\u00a0account?<\/p>\n<p>If you have done any of those things, it might be the result of \u201csecurity fatigue.\u201d It exposes online users to risk and costs businesses money in lost\u00a0customers.<\/p>\n<p><span class=\"caps\">NIST<\/span>\u00a0<a href=\"https:\/\/www.nist.gov\/news-events\/news\/2016\/10\/security-fatigue-can-cause-computer-users-feel-hopeless-and-act-recklessly\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">says<\/a>\u00a0that\u00a0<a href=\"https:\/\/www.computer.org\/csdl\/mags\/it\/2016\/05\/mit2016050026-abs.html\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">a new study<\/a>\u00a0from the National Institute of Standards and Technology (<span class=\"caps\">NIST<\/span>) found that a majority of the typical computer users they interviewed experienced security fatigue that often leads users to risky computing behavior at work and in their personal\u00a0lives.<\/p>\n<p>Security fatigue is defined in the study as a weariness or reluctance to deal with computer security. As one of the study\u2019s research subjects said about computer security, \u201cI don\u2019t pay any attention to those things anymore\u2026People get weary from being bombarded by \u2018watch out for this or watch out for\u00a0that.\u2019\u201d<\/p>\n<p>\u201cThe finding that the general public is suffering from security fatigue is important because it has implications in the workplace and in people\u2019s everyday life,\u201d cognitive psychologist and co-author Brian Stanton said. \u201cIt is critical because so many people bank online, and since health care and other valuable information is being moved to the\u00a0internet.\u201d<\/p>\n<p>\u201cIf people can\u2019t use security, they are not going to, and then we and our nation won\u2019t be secure,\u201d Stanton\u00a0said.<\/p>\n<p>The study, published this week in\u00a0<span class=\"caps\">IEEE<\/span>\u2019s\u00a0<a href=\"http:\/\/ieeexplore.ieee.org\/document\/7579112\/?reload=true\" target=\"_blank\" rel=\"noopener noreferrer nofollow\"><em><span class=\"caps\">IT<\/span>\u00a0Professional<\/em><\/a>, draws on data from a qualitative study on computer users\u2019 perception and beliefs about cybersecurity and online privacy. The subjects ranged in age from their 20s to their 60s, hailed from urban, suburban and rural areas, and held a variety of\u00a0jobs.<\/p>\n<p>The interviews focused on the subjects\u2019 work and home computer use, specifically about online activity, including shopping and banking, computer security, security terminology, and security icons and\u00a0tools.<\/p>\n<p>\u201cWe weren\u2019t even looking for fatigue in our interviews, but we got this overwhelming feeling of weariness throughout all of the data,\u201d computer scientist and co-author Mary Theofanos\u00a0said.<\/p>\n<p>\u201cYears ago, you had one password to keep up with at work,\u201d she said. \u201cNow people are being asked to remember 25 or 30. We haven\u2019t really thought about cybersecurity expanding and what it has done to\u00a0people.\u201d<\/p>\n<p>The multidisciplinary team learned that the majority of their average computer users felt overwhelmed and bombarded, and they got tired of being on constant alert, adopting safe behavior, and trying to understand the nuances of online security\u00a0issues.<\/p>\n<p>When asked to make more computer security decisions than they are able to manage, they experience decision fatigue, which leads to security\u00a0fatigue.<\/p>\n<p>Researchers found that the result of weariness leads to feelings of resignation and loss of control. These reactions can lead to avoiding decisions, choosing the easiest option among alternatives, making decisions influenced by immediate motivations, behaving impulsively, and failing to follow security\u00a0rules.<\/p>\n<p>Comments among those who expressed feelings of security fatigue\u00a0included:<\/p>\n<ul>\n<li>\u201cI get tired of remembering my username and\u00a0passwords.\u201d<\/li>\n<li>\u201cI never remember the\u00a0<span class=\"caps\">PIN<\/span>\u00a0numbers, there are too many things for me to remember. It is frustrating to have to remember this useless\u00a0information.<\/li>\n<li>\u201cIt also bothers me when I have to go through more additional security measures to access my things, or get locked out of my own account because I forgot as I accidentally typed in my password\u00a0incorrectly.\u201d<\/li>\n<\/ul>\n<p>Participants also wonder why they would be targeted in a cyberattack. The data showed that many interviewees did not feel important enough for anyone to want to take their information, nor did they know anyone who had ever been\u00a0hacked.<\/p>\n<p>Commenters also expressed the sentiment that safeguarding data is someone else\u2019s responsibility, leaving computer security up to their bank, online store or someone with more\u00a0experience.<\/p>\n<p>Individuals also questioned how they could effectively protect their data when large organizations frequently fall victim to\u00a0cyberattacks.<\/p>\n<p>The data provided evidence for three ways to ease security fatigue and help users maintain secure online habits and behavior. They\u00a0are:<\/p>\n<ol>\n<li>Limit the number of security decisions users need to\u00a0make;<\/li>\n<li>Make it simple for users to choose the right security action;\u00a0and<\/li>\n<li>Design for consistent decision making whenever\u00a0possible.<\/li>\n<\/ol>\n<p><span class=\"caps\">NIST<\/span>\u00a0says that to obtain a clearer picture of computer security behavior, the researchers will be interviewing additional computer users of varying levels of responsibility, including cybersecurity professionals; mid-level employees with responsibilities to protect personally identifiable information in fields such as health care, finance and education; and workers who use computers but for whom security is not their primary\u00a0responsibility.<\/p>\n<p>Stanton and Theofanos suggest it will take a multidisciplinary team of computer security experts, psychologists, sociologists and anthropologists working together to improve computer security issues, including behavior, to manage security\u00a0fatigue.<\/p>\n<p><span style=\"color: #ffcc00;\">Originally appeared in <a style=\"color: #ffcc00;\" href=\"http:\/\/www.homelandsecuritynewswire.com\/dr20161011-security-fatigue-may-cause-computer-users-to-feel-hopeless-and-act-recklessly\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Homeland Security News Wire<\/a>.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>After updating your password for the umpteenth time, have you resorted to using one you know you\u2019ll remember because you\u2019ve used it before? Have you ever given up on an online purchase because you just didn\u2019t feel like creating a new account?<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[8,10],"tags":[],"acf":[],"_links":{"self":[{"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/posts\/1050"}],"collection":[{"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/comments?post=1050"}],"version-history":[{"count":0,"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/posts\/1050\/revisions"}],"wp:attachment":[{"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/media?parent=1050"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/categories?post=1050"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/tags?post=1050"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}